School district working to improve security after hacking incident
School district officials said they are working to improve online security after a 16-year-old Lehigh Acres student was arrested Monday for allegedly hacking into the Lee County School District computer system.
More than 100 schools currently operate the ParentLink program — a school-to-home communications system facilitating connections between the community and staff — where teachers can leave messages for parents and district officials can zero in phone calls to specific students, classes or schools.
Parents also sign-on to the program and leave their own work, home or mobile phone numbers in case of emergency. On Feb. 18 the Lee County Sheriff’s Office received numerous complaints about a threatening message sent to them via ParentLink stating: “It is a good day to die; but the day is not yet over.”
District officials determined that 1,800 parents received the same message.
Pedro Diaz, a student at East Lee County High, was charged with two counts of offenses against intellectual property and three counts of impairing government operations or communications. Details aren’t available on how Diaz was identified as the suspect, but according to the sheriff’s office report, the teenager was using his home computer to sign onto ParentLink and also change grades for himself and other students.
He also reportedly changed the account settings of three Lee County School District administrators.
Although the sheriff’s office stated that Diaz “hacked” the district system, officials determined that he somehow obtained user names and passwords for ParentLink at his school, instead of breaking through the system on his own.
He reportedly had the login information for three separate district staff members.
“Somehow, and the investigation is trying to find out, he was able to obtain passwords,” said Joe Donzelli, district spokesperson. “When we found out about it late last week, our IT folks started locking down the system.”
The ParentLink system has been very useful for the school district. Last year it was used to make targeted communications to parents regarding the spread of the H1N1 virus and is helpful in making sure parents stay informed about what is happening at their child’s school.
Donzelli said an emphasis is now being put on strengthening the system’s security by having passwords changed and redesigned to be more difficult to decipher. Although the school district has a firewall to prevent students from accessing certain areas, Donzelli said the firewalls are constantly changing and evolving as new problems arise, and that the district is constantly working to upgrade its own defenses.
Diaz was bonded out of the Juvenile Assessment Center but it’s unclear what actions the district will take. He will have to attend a student hearing and penalties for his actions could range from a 10-day suspension to full expulsion.
“The district doesn’t have a lot of tolerance for something like this,” said Donzelli. “Students and children all make silly decisions, but there is a line. Hopefully this will give kids a pause.”
The Sheriff’s Office report also stated that Diaz tried to reverse the message he sent to nearly 2,000 families but found that it was too late.